When it comes to IT security, there is always something new around the corner. Threats are constantly evolving. The bad guys are constantly finding ways to get through defences. Unfortunately, this isn’t just sophisticated, technical attacks but often, very simple emails, either pretending to be from Apple or Amazon etc or claiming they have something of yours and threatening to expose the data/video etc.
When you study this kind of things like I have to, you can quickly recognise the type of language used, the time limit, the threat, the easy way to pay. The stress the email tries to put you under so that you don’t think straight and panic. They want to make you panic and pay them because you’re scared of what may happen. Don’t stop and think, don’t ask someone for help, just pay and make this problem go away.
Let me first assure you that these guys don’t have pictures of you giving yourself a treat. This is a mass attack, not a small, concentrated one. They could possibly get a picture of you via your webcam but it would take a lot of skills and time. And unless you are constantly treating yourself, it is unlikely they will get the timing right to catch you in the act.
What they have managed to do is to use hacked data to get hold of your email address and a password. The password is probably old and may have been changed already but because you recognise it, you panic. Hundreds of large organisations have been hacked who have some of our data and this is what is being exploited.
Yahoo was hacked, Dropbox, Equifax, eBay, the list goes on. There is a huge amount of our data out there. The problem is, despite its age and limitations, the bad guys are finding ways to utilise it.
Is a serious internet crime that can lead to devastating consequences for victims. Sextortion occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favours, or money.
Here are some things you can do to avoid becoming a victim:
- Never send compromising images of yourself to anyone, no matter who they are — or who they say they are (Dating sites)
- Be very wary of opening any attachments in email, regardless of whether you know the person or not.
- Cover any web cameras when you are not using them.
If you receive an email that claims they have a video of you viewing pornography, do not answer, delete the scam email and do not pay any amount in any form.
In many sextortion cases, the perpetrator is an adult pretending to be a teenager, and you are just one of the many victims being targeted by the same person. If you believe you’re a victim of sextortion, or know someone else who is, report it to the police.
The email you receive, claims to have compromising images of the recipient and goes on to ask for payment in order to stop the images being released publicly. This is known as sextortion, and has been used for years. What makes this scam different is that it’s added something extra: it contains a real password used by the victim.
Here is an example of the email:
I do know, [PASSWORD REDACTED], is your password. You do not know me and you are probably thinking why you are getting this e mail, correct?
actually, I placed a malware on the adult videos (pornography) website and do you know what, you visited this web site to experience fun (you know what I mean). While you were watching videos, your internet browser initiated working as a RDP (Remote Desktop) that has a key logger which gave me accessibility to your display and also webcam. after that, my software program obtained all your contacts from your Messenger, Facebook, as well as email.
What exactly did I do?
I made a double-screen video. First part displays the video you were viewing (you’ve got a nice taste haha), and second part shows the recording of your webcam.
exactly what should you do?
Well, I believe, $2900 is a reasonable price tag for our little secret. You’ll make the payment via Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google).
BTC Address: 19ZFj3nLSJCgoAcvZSgxs6fWoEmvJhfKkY
(It is cAsE sensitive, so copy and paste it)
You have one day to make the payment. (I’ve a unique pixel within this email message, and now I know that you have read this e mail). If I do not get the BitCoins, I will definitely send out your video to all of your contacts including relatives, co-workers, and so forth. Nonetheless, if I receive the payment, I’ll erase the video immidiately. If you want evidence, reply with “Yes!” and I will send your video to your 9 friends. It is a non-negotiable offer, that being said do not waste my time and yours by replying to this e-mail.I do know, [PASSWORD REDACTED],
The Anti-Phishing Working Group (APWG) most recent report covers the phishing trends found in Q1 of 2018.
The highlights of the report included:
- Over 11,000 phishing domains were created in Q1
- The total number of phishing sites increased 46% over Q4 2017
- The use of SSL certificates on phishing sites continues to increase to lull visitors into a false sense of security and site legitimacy.
All three of these trends add up to one thing – the bad guys are rapidly becoming more sophisticated and basically just spending a bit more time to orchestrate attacks. The higher the threat levels they can establish through targeted spear phishing attacks which leverage very private information, the more successful the campaign.
A lot of these bad guys (threat actors) come from poor backgrounds. They have an opportunity to make a ridiculous amount of money and basically have nothing to lose. They have no morals and don’t realise the full extent of the harm they cause.